Discovered 


opposition  individuals  who  could  have  possibly  been  traveling  with  the  ships  of  interest 


Our  Approach 

• Queried  over  900  towers  and  other  selectors  in  MAINWAY/SEDB  in  attempt 
to  discover  any  identifiable  selectors  around  the  coordinates  of  interest. 

• Created  another  query  based  on  identified  selectors  of  interest  to  pull  for 
any  cell  fan  information  in  order  to  more  precisely  locate  each  selector  of 
interest. 

• Queried  in  SEDB  ship  data  on  the  ships  of  interest  and  plotted  the  track  the 
ships  took  into 

• Identified  selectors  by  cell  fan  information  seen  near  the  ports  where  the 
ships  of  interest  had  docked.  Also  correlated  any  selectors  moving  in 
relation  to  the  ships’  movements  using  cell  fan  data. 


Mission  Example  and  Result:  The  HAPPYFOOT  analytic  aggregates  leaked  location-based  service  / location-aware  application  data 
to  infer  IP  address  geo-locations.  SDS  identified  ‘Public1  and  ‘private1  usage  of  the  same  IP  address  that  caused  HAPPYFOOT  to 
assign^^^|netblocks  to^^^^^lgeo-locations  (the  IP  address  was  used  in  both  countries).  This  private  network  is  now 
being  realmed  and  properly  geo-located.  Ongoing  work  will  solve  this  realming  problem  for  networks  affecting  other  cloud  analytics. 
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Our  Approach 

•Tracked  ^(target's  converged  communications  and  CNE  accesses. 

• Monitored  passive  internet  traffic;  created  automated  processes  where 
possible  (XKS  ANCHORMAN,  Workflows,  Fingerprints). 

• Provided  TAO/GCHQ  with  WLLids/DSL  accounts,  Cookies, 
GoogiePREFIDs  to  enable  remote  exploitation. 

• Partnered  with  NGAand  R4  to  confirm  locations  and  USRP  equipment 
based  on  collected  photographs. 

• Drove  CNE  collection  and  partnered  with  TAO  to  increase  USRP 
specific  endpoint  accesses. 

• Provided  knowledge  to  interagency  partners  for  potential  on  the  ground 
survey  options  and  FBI-led  intelligence  guiding  efforts. 
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(S//SI//REL  TO  USA,  FVEY)  Metadata/Target  Discovery:  Analyze  DNR/DN I/Convergence 
metadata  for  target  discovery,  identify  gaps  in  collection,  processing,  and  analytic 
methodologies;  Improve  metadata  collection  and  processing;  Create  analytics  that 
automate  or  improve  analytic  methodologies;  Conduct  target  discovery  through  multipl 
technology  thrusts,  including  endpoint,  web-based  technologies/services,  mobile 
applications  and  networks,  geo-location  analysis,  correlations/identity  Analysis,  Social 
Network  Analysis;  Collaboration/facilitation  with  TAG,  S3,  CIA,  ODNI,  SSO,  CES,  and  SSG 
centers. 


